ietf-asrg

Re: [Asrg] What are the IPs that sends mail for a domain?

2009-06-16 23:36:47
Franck Martin wrote, On 6/16/09 6:20 PM:
> I recently encountered the following question/problems.
>
> I have a mail server and one of my users complains he is not receiving
> emails from a domain. How do I find if I have blocked the domain from
> sending to my server. Meaning, knowing the domain name of the sender,
> how do I find the IPs from where the mail could be sent from.

There is no reliable way to do so.

> It seems that SPF is the only tool to provide that answer?

Only partially. SPF cannot be considered reliable, since not all domains publish records and some publish inaccurate records.

There have been other proposed approaches that may have some deployment:

CSV/CSA: http://mipassoc.org/csv/draft-ietf-marid-csv-csa-02.html
DRIP: http://tools.ietf.org/html/draft-brand-drip-02

> In another related problem, which is linked to IPv6 and RBL. Building an
> IPv6 RBL could lead to a huge database. Sure you can alleviate by using
> "wildcards", but why not use the reverse DNS resolution to add a TXT
> record associated to the IP to indicate the IP is the one of a mail
> server? So any IP that does not have this record would be blocked for
> SMTP. As IPv6 is not used for SMTP (or barely), this could be made
> mandatory for IPv6 and optional for IPv4. An MUA could talk to an MTA on
> port 25 because we know the network range of the MUA or the
> alternative is to use the new mail submit port.

Similar proposals have been made before, and I'm pretty sure one such has been made on this list although I can't find proof of that at present.

There's always some degree of resistance to putting information into the reverse zone because it is frequently under different control than related forward zones and can be a chore to get set or changed. There are also concerns about loading up new sorts of records into the reverse zone because it is a simpler tree that has traditionally had light query volume, and the existing systems may not be prepared to handle an extra query down the reverse tree for every SMTP connection.

That said, I think that adding DNS records that map specific network addresses to their legitimate behaviors in a generalized model would be a positive advance.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
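
The SPF lookup discussed in the message above, as an added example that is not part of the original thread: it expands a domain's SPF record into address ranges, records why the result may be incomplete, and checks IPs from a local reject log against it. The `ZONE` data, the domain names and the function names are constructed for illustration; a real check would fetch the TXT records from DNS.

```python
import ipaddress

# Constructed TXT data standing in for live DNS answers (documentation ranges).
ZONE = {
    "example.org": ["v=spf1 ip4:192.0.2.0/28 ip6:2001:db8:25::/64 "
                    "include:_spf.example.net -all"],
    "_spf.example.net": ["v=spf1 ip4:198.51.100.7 mx ~all"],
    "nospf.example": ["site-verification=constructed"],
}

def spf_networks(domain, zone=ZONE, depth=0):
    """Return (networks, caveats) for the senders a domain's SPF record lists."""
    records = [t for t in zone.get(domain, []) if t.lower().startswith("v=spf1")]
    if len(records) != 1:
        return [], [f"{domain}: no single SPF record published"]
    if depth > 10:  # guard against include/redirect loops
        return [], [f"{domain}: include chain too deep"]
    nets, caveats = [], []
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        name, _, arg = mech.partition(":")
        name = name.lower().split("/")[0]  # drop a CIDR suffix such as "a/24"
        if name in ("ip4", "ip6"):
            if qualifier == "+":  # only "pass" ranges are authorised senders
                nets.append(ipaddress.ip_network(arg, strict=False))
        elif name == "include" or mech.lower().startswith("redirect="):
            target = arg or mech.partition("=")[2]
            sub_nets, sub_caveats = spf_networks(target, zone, depth + 1)
            nets += sub_nets
            caveats += sub_caveats
        elif name in ("a", "mx", "ptr", "exists"):
            caveats.append(f"{domain}: '{mech}' needs further DNS lookups")
        elif name == "all" and qualifier in "+?":
            caveats.append(f"{domain}: '{term}' does not exclude other senders")
    return nets, caveats

def listed_senders(domain, rejected_ips, zone=ZONE):
    """Which IPs from a local reject log fall inside the domain's SPF ranges?"""
    nets, _ = spf_networks(domain, zone)
    ips = [ipaddress.ip_address(ip) for ip in rejected_ips]
    return [str(ip) for ip in ips
            if any(ip.version == n.version and ip in n for n in nets)]

if __name__ == "__main__":
    print(spf_networks("example.org"))
    print(listed_senders("example.org", ["192.0.2.9", "203.0.113.5"]))
```

An empty result from `listed_senders` does not show that the domain was not blocked: a domain with no record, or one relying on `a`/`mx` mechanisms, leaves ranges this expansion cannot see.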
